Blockchain security company CertiK has reminded the crypto community to stay alert over “ice phishing” scams — a unique type of phishing scam targeting Web3 users — first identified by Microsoft earlier this year.
In a Dec. 20 analysis report, CertiK
Additionally, addresses that users are planning to interact with should be looked up on these blockchain explorers for suspicious activity. In its analysis, CertiK points to an address that was funded by Tornado Cash withdrawals as an example of suspicious activity.
CertiK also suggested that users should only interact with official sites they are able to verify, and to be particularly wary of social media sites like Twitter, highlighting a fake Optimism Twitter account as an example.
The firm also advised users to take a couple of minutes to check a trusted site such as CoinMarketCap or Coingecko, users would have been able to see that the linked URL was not a legitimate site and should be avoided.
Tech giant Microsoft was the first one to highlight this practice in a Feb. 16 blog post, saying at the time that while credential phishing is very predominant in the Web2 world, ice phishing gives individual scammers the ability to steal a chunk of the crypto industry while maintaining “almost complete anonymity.”
They recommended that Web3 projects and wallet providers increase the security of their services on the software level in order to prevent the burden of avoiding ice phishing attacks being placed solely on the end-user.